Description
When trying to download a B2 file using the Client::download function, I've noticed that we can overwrite the hostname we're connecting to, leaving just the path.
cURL will then correctly complain that an invalid URL is given. That's because we're asking for /b2api/v1/b2_download_file_by_id?whatever instead of https://xxxx.backblazeb2.com/b2api/v1/b2_download_file_by_id?whatever
I think that I only see this because I'm passing in an invalid token, but I think the bug is still valid.
To fix this, I think we need to change src/Client.php's download function and move $this->authorizeAccount() above the if (isset($options['FileId'])) and $requestOptions = [ ... ] blocks. authorizeAccount can set the class's downloadUrl and authToken variables, and we're relying on these in this function.